[Xorp-hackers] Query on Policy-Based Routing

Mark Handley m.handley@cs.ucl.ac.uk
Fri, 12 Aug 2005 08:48:03 +0100


> I'm not sure, but I think he means actual traffic
> coming from one interface should be forwarded down
> one path and traffic from another to some other
> path, ie not the actual route.
> 
> Something along the lines (on a cisco):
> >
> > interface FastEthernet 0/1
> >  ip address 192.168.1.1 255.255.255.0
> >  ip policy route-map example1
> > interface FastEthernet 0/2
> >  ip address 192.168.2.1 255.255.255.0
> > ...
> > ip route 0.0.0.0 0.0.0.0 172.20.1.1
> > route-map example1 permit 10
> >  set next-hop 10.0.0.1
> >
> >
> > traffic from FE0/1 goes to 10.0.0.1 while
> > everything else goes to 172.20.1.1
> >
> > Correct me if I'm wrong but XORP will never be
> > able to do this since it doesn't forward traffic.
> > It must be done by the kernel (unless the traffic
> > is lifted out into userspace first) and can be
> > done in for example Linux using iproute2.

I think you're right that you can't do this sort of thing in the
normal kernel forwarding table on Linux or BSD.  I haven't looked at
iproute2, but I'll take your word for it that it can do this.  You
could also do this sort of thing with a Click-based forwarding path.
In neither case does XORP have any way to configure this sort of
kernel-forwarding rule at the moment.

The policy routing framework Andrea has been working on is just that:
policy *routing*.  In other words it gives you a lot of control over
how the routing protocols behave, but the general model of routing
protocols still applies.  In particular, the routing protocols
contribute routes to a RIB (actually 4 RIBs, one for each combination
of {IPv4,IPv6} {unicast,multicast}).  For each RIB, there's only one
final nexthop for a packet with a particular destination IP address.

The sort of rule you describe, I would call policy *forwarding*, to
distinguish it from policy *routing*.  At this stage we only have the
latter and not the former.  The two are clearly complementary.

From XORP's point of view, policy routing is critical to do well.
Policy forwarding seems mostly to deal with corner-cases - what I
don't know is how common such corner cases are in the real world - I'd
love some feedback on this.

From a practical point of view, cross-platform support for
policy-routing is pretty simple.  Cross-platform support for
policy-forwarding seems really hard.  Is there a common set of
abstractions for policy-forwarding?  I haven't been tracking what the
IETF ForCES WG has been doing in this space, so maybe there's
something there.

Cheers,
Mark
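
Added example, not part of the original message and not XORP code: a small model of the distinction drawn above, where a RIB gives one next hop per destination while a policy-forwarding rule keyed on the ingress interface overrides that lookup. The `Rib` and `PolicyForwarder` classes are hypothetical; the addresses come from the quoted Cisco snippet, and the rule is simplified to "everything arriving on the interface".

```python
import ipaddress


class Rib:
    """Destination-only table: longest-prefix match yields one next hop."""

    def __init__(self):
        self.routes = []  # list of (network, nexthop)

    def add(self, prefix, nexthop):
        self.routes.append((ipaddress.ip_network(prefix), nexthop))

    def lookup(self, dst):
        addr = ipaddress.ip_address(dst)
        matches = [(net, nh) for net, nh in self.routes if addr in net]
        if not matches:
            return None
        # The most specific prefix wins; the ingress interface plays no part.
        return max(matches, key=lambda m: m[0].prefixlen)[1]


class PolicyForwarder:
    """Forwarding-plane rules consulted before the RIB-derived table."""

    def __init__(self, rib):
        self.rib = rib
        self.rules = {}  # ingress interface -> forced next hop

    def set_next_hop(self, in_iface, nexthop):
        self.rules[in_iface] = nexthop

    def forward(self, in_iface, dst):
        # A matching rule overrides the destination lookup entirely.
        if in_iface in self.rules:
            return self.rules[in_iface]
        return self.rib.lookup(dst)


def build_example():
    rib = Rib()
    rib.add("0.0.0.0/0", "172.20.1.1")        # ip route 0.0.0.0 0.0.0.0 172.20.1.1
    rib.add("192.168.1.0/24", "connected")
    rib.add("192.168.2.0/24", "connected")
    fwd = PolicyForwarder(rib)
    fwd.set_next_hop("FastEthernet0/1", "10.0.0.1")  # route-map example1
    return rib, fwd


if __name__ == "__main__":
    rib, fwd = build_example()
    for iface in ("FastEthernet0/1", "FastEthernet0/2"):
        # 198.51.100.7 is a constructed destination (documentation range).
        print(iface, "->", fwd.forward(iface, "198.51.100.7"))
```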